From 44626a6e071f2d5e35affd29b1a553852f7fd349 Mon Sep 17 00:00:00 2001 From: JT Smith Date: Fri, 20 Dec 2002 06:10:44 +0000 Subject: [PATCH] Fixed a massive bug with the new authentication system. --- docs/upgrades/upgrade_4.9.4-4.9.5.sql | 1 + lib/WebGUI/Authentication.pm | 9 ++-- lib/WebGUI/Authentication/LDAP.pm | 48 +++++++---------- lib/WebGUI/Authentication/SMB.pm.disabled | 6 +-- lib/WebGUI/Authentication/WebGUI.pm | 26 +++++++-- lib/WebGUI/Operation/Account.pm | 66 +++++++++-------------- lib/WebGUI/Operation/Settings.pm | 2 +- lib/WebGUI/Operation/User.pm | 2 +- 8 files changed, 76 insertions(+), 84 deletions(-) diff --git a/docs/upgrades/upgrade_4.9.4-4.9.5.sql b/docs/upgrades/upgrade_4.9.4-4.9.5.sql index b8e6e4854..17c81db00 100644 --- a/docs/upgrades/upgrade_4.9.4-4.9.5.sql +++ b/docs/upgrades/upgrade_4.9.4-4.9.5.sql @@ -1,2 +1,3 @@ insert into webguiVersion values ('4.9.5','upgrade',unix_timestamp()); +insert into international (internationalId,languageId,namespace,message,lastUpdated) values (856,1,'WebGUI','You have no account properties to edit at this time.', 1040340432); diff --git a/lib/WebGUI/Authentication.pm b/lib/WebGUI/Authentication.pm index 38e4768cb..7a4f18012 100644 --- a/lib/WebGUI/Authentication.pm +++ b/lib/WebGUI/Authentication.pm @@ -69,9 +69,8 @@ These functions are available from this package: sub _execute { my ($authMethod, $function, $params) = @_; my $cmd = "WebGUI::Authentication::".$authMethod."::".$function; - my $result = eval {&$cmd($params)}; - WebGUI::ErrorHandler::fatalError("Missing method in Authentication module: $authMethod. ".$@) if($@); - return $result; + return eval {&$cmd($params)} unless ($@); + WebGUI::ErrorHandler::fatalError("Missing method in Authentication module: $authMethod. ".$@); } #------------------------------------------------------------------- 
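Review bot: The `unless ($@)` modifier on the new `return eval {&$cmd($params)}` line in `_execute` is evaluated before the eval runs, so it tests whatever an earlier eval left in `$@`, not this call: an auth method that dies now returns an empty result instead of reaching fatalError, and a stale `$@` sends a perfectly good call into fatalError. Replacing `my $result = eval ...` with a bare `return eval` does fix the context problem (the old scalar assignment would have kept only the last element of the two-element `(username, error)` lists this patch introduces), so keep that and check `$@` afterwards: `my @result = eval {&$cmd($params)};` then `WebGUI::ErrorHandler::fatalError("Missing method in Authentication module: $authMethod. ".$@) if ($@);` then `return wantarray ? @result : $result[0];`. A comment should also say that the eval turns any die inside the auth method itself (a failed Net::LDAP call, say) into the "Missing method" message, which will otherwise mislead whoever debugs it.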
@@ -289,7 +288,7 @@ sub registrationFormSave { =head2 registrationFormValidate ( ) -Returns an error string if there are any problems with the form data. +Returns the WebGUI username to user for this user, and returns an error string if there are any problems with the form data. =cut @@ -387,7 +386,7 @@ sub userFormSave { =head2 userFormValidate ( ) -Returns an error string if there are any problems with the form data. +Returns the WebGUI username to use for this user, and returns an error string if there are any problems with the form data. =cut diff --git a/lib/WebGUI/Authentication/LDAP.pm b/lib/WebGUI/Authentication/LDAP.pm index f286cadc1..577284eb6 100644 --- a/lib/WebGUI/Authentication/LDAP.pm +++ b/lib/WebGUI/Authentication/LDAP.pm @@ -64,7 +64,7 @@ sub authenticate { #------------------------------------------------------------------- sub adminForm { my $userData = WebGUI::Authentication::getParams($_[0],'LDAP'); - my $ldapUrl = $session{form}{'authLDAP.ldapUrl'} || $userData->{ldapUrl} || $session{setting}{ldapUrl}; + my $ldapUrl = $session{form}{'authLDAP.ldapUrl'} || $userData->{ldapUrl} || $session{setting}{ldapURL}; my $connectDN = $session{form}{'authLDAP.connectDN'} || $userData->{connectDN}; my $f; $f = WebGUI::HTMLForm->new; 
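Review bot: The new POD for `registrationFormValidate` has a typo, "the WebGUI username to user for this user", and both rewritten sentences still read as if the error string were the whole return value, whereas the LDAP and WebGUI implementations in this patch now return a two-element list. Suggested text for both `=head2` entries: `Returns a two-element list: the WebGUI username to use for this user, and an error string that is empty when the form data is valid.` The same sentence fits the `userFormValidate` entry in the second hunk.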
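Review bot: After this change `adminForm` reads the site setting as `ldapURL` while the per-user parameter on the same line is `$userData->{ldapUrl}` (which `saveParams` later in this patch still writes under that spelling) and the form field is `authLDAP.ldapUrl`; the mixed casing of one key is exactly what this commit is repairing, so settling on a single spelling for the setting, the saved parameter and the form field would prevent the next regression. `adminForm` continues past the end of the hunk.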
@@ -97,23 +97,17 @@ sub optionsLabel {
 sub registrationForm {
 my $f;
 $f = WebGUI::HTMLForm->new;
- $f->text("authLDAP.ldapId",$session{setting}{ldapIdName});
+ $f->text("authLDAP.ldapId",$session{setting}{ldapIdName},$session{form}{"authLDAP.ldapId"});
 $f->password("authLDAP.ldapPassword",$session{setting}{ldapPasswordName});
 return $f->printRowsOnly;
 }
 #-------------------------------------------------------------------
 sub registrationFormSave {
- my($uri, $port, %args, $ldap, $auth, $search, $connectDN, $uid);
+ my($uri, $ldap, $auth, $search, $connectDN, $uid);
 my $uid = shift;
- $uri = URI->new($session{setting}{ldapUrl});
- if ($uri->port < 1) {
- $port = 389;
- } else {
- $port = $uri->port;
- }
- %args = (port => $port);
- $ldap = Net::LDAP->new($uri->host, %args);
+ $uri = URI->new($session{setting}{ldapURL});
+ $ldap = Net::LDAP->new($uri->host, (port=>$uri->port));
 $ldap->bind;
 $search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{'authLDAP.ldapId'});
 if (defined $search->entry(0)) {
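Review bot: In `registrationFormSave`, `my $uid = shift;` redeclares `$uid`, which is still listed in the `my(...)` line just above it, and neither `Net::LDAP->new` nor `$ldap->bind` is checked before `$ldap->search` runs, so an unreachable directory dies inside the eval in `Authentication::_execute` and surfaces as "Missing method". Drop `$uid` from the list declaration and test the connection and bind result the way `registrationFormValidate` does. The search filter is also built by concatenating `$session{form}{'authLDAP.ldapId'}` directly; pass it through `Net::LDAP::Util::escape_filter_value` so filter metacharacters in the submitted id cannot alter the query, and apply the same to the identical filter line in `registrationFormValidate` in the next hunk. The function continues past the end of the hunk.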
@@ -123,27 +117,21 @@ sub registrationFormSave { WebGUI::Authentication::saveParams($uid,'LDAP', { connectDN => $connectDN, - ldapUrl => $session{setting}{ldapUrl} + ldapUrl => $session{setting}{ldapURL} }); - return $session{form}{'authLDAP.ldapId'}; } #------------------------------------------------------------------- sub registrationFormValidate { - my ($uri, $error, $ldap, $port, $search, $auth, $connectDN); - $uri = URI->new($session{setting}{ldapUrl}); - if ($uri->port < 1) { - $port = 389; - } else { - $port = $uri->port; - } - if ($ldap = Net::LDAP->new($uri->host, {port=>$port})) { + my ($uri, $error, $ldap, $search, $auth, $connectDN); + $uri = URI->new($session{setting}{ldapURL}); + if ($ldap = Net::LDAP->new($uri->host, (port=>$uri->port))) { if ($ldap->bind) { $search = $ldap->search (base=>$uri->dn,filter=>$session{setting}{ldapId}."=".$session{form}{'authLDAP.ldapId'}); if (defined $search->entry(0)) { $connectDN = "cn=".$search->entry(0)->get_value("cn"); $ldap->unbind; - $ldap = Net::LDAP->new($uri->host, {port=>$port}) or $error .= WebGUI::International::get(2,'Auth/LDAP'); + $ldap = Net::LDAP->new($uri->host, (port=>$uri->port)) or $error .= WebGUI::International::get(2,'Auth/LDAP'); $auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{'authLDAP.ldapPassword'}); if ($auth->code == 48 || $auth->code == 49) { $error .= '
  • '.WebGUI::International::get(68); @@ -160,11 +148,13 @@ sub registrationFormValidate { } } else { $error = WebGUI::International::get(2,'Auth/LDAP'); + WebGUI::ErrorHandler::warn("Couldn't bind to LDAP server: ".$session{setting}{ldapURL}); } } else { $error = WebGUI::International::get(2,'Auth/LDAP'); + WebGUI::ErrorHandler::warn("Couldn't create LDAP object: ".$uri->host); } - return $error; + return ($session{form}{'authLDAP.ldapId'},$error); } #------------------------------------------------------------------- @@ -172,16 +162,16 @@ sub settingsForm { my $f; $f = WebGUI::HTMLForm->new; $f->readOnly(''.optionsLabel().''); - $f->url("authLDAP.ldapUrl",WebGUI::International::get(5,'Auth/LDAP'),$session{setting}{ldapUrl}); - $f->text("authLDAP.ldapId",WebGUI::International::get(6,'Auth/LDAP'),$session{setting}{ldapId}); - $f->text("authLDAP.ldapIdName",WebGUI::International::get(7,'Auth/LDAP'),$session{setting}{ldapIdName}); - $f->text("authLDAP.ldapPasswordName",WebGUI::International::get(8,'Auth/LDAP'),$session{setting}{ldapPasswordName}); + $f->url("ldapURL",WebGUI::International::get(5,'Auth/LDAP'),$session{setting}{ldapURL}); + $f->text("ldapId",WebGUI::International::get(6,'Auth/LDAP'),$session{setting}{ldapId}); + $f->text("ldapIdName",WebGUI::International::get(7,'Auth/LDAP'),$session{setting}{ldapIdName}); + $f->text("ldapPasswordName",WebGUI::International::get(8,'Auth/LDAP'),$session{setting}{ldapPasswordName}); return $f->printRowsOnly; } #------------------------------------------------------------------- sub userForm { - return ""; + return undef; } #------------------------------------------------------------------- @@ -190,7 +180,7 @@ sub userFormSave { #------------------------------------------------------------------- sub userFormValidate { - return ""; + return ($session{user}{username},""); } 1; diff --git a/lib/WebGUI/Authentication/SMB.pm.disabled b/lib/WebGUI/Authentication/SMB.pm.disabled index 0437d7cc4..0d78684db 100644 
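Review bot: On the re-connect line `$ldap = Net::LDAP->new(...) or $error .= WebGUI::International::get(2,'Auth/LDAP');` a failed connection leaves `$ldap` undefined and the next statement calls `$ldap->bind` on it, so the appended error is never returned and the request dies instead; return `("", $error)` or skip the bind when `$ldap` is false. Net::LDAP's `bind` returns a Net::LDAP::Message object (the code below already tests `$auth->code`, which is the right check), so the outer `if ($ldap->bind)` is presumably always true and the new "Couldn't bind to LDAP server" warning added in the following hunk would be unreachable; test `$ldap->bind->code == 0` instead — confirm against the Net::LDAP version in use. The function begins before this hunk and ends in the next one.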
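Review bot: `userForm` now returns `undef` as the signal that this authentication method has no user-editable properties, which `www_displayAccount` in this patch tests with `defined`, but nothing documents that contract; add to its POD `Returns the account-editing form rows, or undef when this authentication method has no user-editable properties.` The idiomatic spelling is a bare `return;`, which reads the same to a scalar caller and avoids the one-element list `return undef` yields in list context. The settings fields in `settingsForm` also drop their `authLDAP.` prefix; if, as it appears, the settings save handler stores each submitted field under its own name, a one-line comment saying the names must match the `$session{setting}` keys would explain why.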
--- a/lib/WebGUI/Authentication/SMB.pm.disabled +++ b/lib/WebGUI/Authentication/SMB.pm.disabled @@ -106,7 +106,7 @@ sub registrationFormValidate { if ($smb > 0) { $error = '
  • '. $smbError{$smb} . "pdc: $pdc, bdc: $bdc, domain: $ntDomain"; } - return $error; + return ($session{form}{'authSMB.loginId'}, $error); } @@ -123,7 +123,7 @@ sub settingsForm { #------------------------------------------------------------------- sub userForm { - return ""; + return undef; } #------------------------------------------------------------------- @@ -132,7 +132,7 @@ sub userFormSave { #------------------------------------------------------------------- sub userFormValidate { - return ""; + return ($session{user}{username},""); } 1; diff --git a/lib/WebGUI/Authentication/WebGUI.pm b/lib/WebGUI/Authentication/WebGUI.pm index c37a920c3..8c55ae29a 100644 --- a/lib/WebGUI/Authentication/WebGUI.pm +++ b/lib/WebGUI/Authentication/WebGUI.pm @@ -62,6 +62,7 @@ sub optionsLabel { sub registrationForm { my $f; $f = WebGUI::HTMLForm->new; + $f->text("authWebGUI.username",WebGUI::International::get(50),$session{form}{"authWebGUI.username"}); $f->password("authWebGUI.identifier",WebGUI::International::get(51)); $f->password("authWebGUI.identifierConfirm",WebGUI::International::get(2,'Auth/WebGUI')); return $f->printRowsOnly; @@ -75,8 +76,17 @@ sub registrationFormSave { #------------------------------------------------------------------- sub registrationFormValidate { my ($error); + if ($session{form}{"authWebGUI.username"} =~ /^\s/ || $session{form}{"authWebGUI.username"} =~ /\s$/) { + $error = '
  • '.WebGUI::International::get(724); + } + if ($session{form}{"authWebGUI.username"} eq "") { + $error .= '
  • '.WebGUI::International::get(725); + } + unless ($session{form}{"authWebGUI.username"} =~ /^[A-Za-z0-9\-\_\.\,\@]+$/) { + $error .= '
  • '.WebGUI::International::get(747); + } if ($session{form}{'authWebGUI.identifier'} ne $session{form}{'authWebGUI.identifierConfirm'}) { - $error = '
  • '.WebGUI::International::get(3,'Auth/WebGUI'); + $error .= '
  • '.WebGUI::International::get(3,'Auth/WebGUI'); } if ($session{form}{'authWebGUI.identifier'} eq "password") { $error .= '
  • '.WebGUI::International::get(5,'Auth/WebGUI'); @@ -84,7 +94,7 @@ sub registrationFormValidate { if ($session{form}{'authWebGUI.identifier'} eq "") { $error .= '
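Review bot: The three username checks added at the top of `registrationFormValidate` overlap: an empty username also fails the character-class test, so the user sees message 747 in addition to 725, and a leading space fails both the `^\s` test and the class. The same nine lines are pasted into `userFormValidate` further down this file; moving them into a `_validateUsername($username)` helper that returns the error fragment keeps the two in step, which is what the `_hasBadUsername` this replaces in Account.pm used to provide. Use `\z` rather than `$` in the character-class test, since `$` lets a trailing newline through. The function continues past the end of the hunk.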
  • '.WebGUI::International::get(4,'Auth/WebGUI'); } - return $error; + return ($session{form}{"authWebGUI.username"},$error); } #------------------------------------------------------------------- @@ -96,6 +106,7 @@ sub settingsForm { sub userForm { my $f; $f = WebGUI::HTMLForm->new; + $f->text("authWebGUI.username",WebGUI::International::get(50),$session{user}{username}); $f->password("authWebGUI.identifier",WebGUI::International::get(51),"password"); $f->password("authWebGUI.identifierConfirm",WebGUI::International::get(2,'Auth/WebGUI'),"password"); return $f->printRowsOnly; @@ -109,13 +120,22 @@ sub userFormSave { #------------------------------------------------------------------- sub userFormValidate { my ($error); + if ($session{form}{"authWebGUI.username"} =~ /^\s/ || $session{form}{"authWebGUI.username"} =~ /\s$/) { + $error = '
  • '.WebGUI::International::get(724); + } + if ($session{form}{"authWebGUI.username"} eq "") { + $error .= '
  • '.WebGUI::International::get(725); + } + unless ($session{form}{"authWebGUI.username"} =~ /^[A-Za-z0-9\-\_\.\,\@]+$/) { + $error .= '
  • '.WebGUI::International::get(747); + } if ($session{form}{'authWebGUI.identifier'} ne $session{form}{'authWebGUI.identifierConfirm'}) { $error = '
  • '.WebGUI::International::get(3,'Auth/WebGUI'); } if ($session{form}{'authWebGUI.identifier'} eq "") { $error .= '
  • '.WebGUI::International::get(4,'Auth/WebGUI'); } - return $error; + return ($session{form}{"authWebGUI.username"},$error); } diff --git a/lib/WebGUI/Operation/Account.pm b/lib/WebGUI/Operation/Account.pm index f43426392..7a7d5330f 100644 --- a/lib/WebGUI/Operation/Account.pm +++ b/lib/WebGUI/Operation/Account.pm @@ -63,23 +63,15 @@ sub _accountOptions { } #------------------------------------------------------------------- -sub _hasBadUsername { - my ($error,$otherUser); - if ($_[0] =~ /^\s/ || $_[0] =~ /\s$/) { - $error = '
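Review bot: In `userFormValidate` the identifier/confirm mismatch branch, the context line directly after the three new username checks, still assigns with `$error =`, so any username error the new code just accumulated is discarded whenever the two password fields also differ; `registrationFormValidate` was changed to `.=` in this patch and this copy should match, so change `$error =` to `$error .=` on that line. Until then a bad username plus mismatched passwords reports only the password problem.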
  • '.WebGUI::International::get(724); - } - if ($_[0] eq "") { - $error .= '
  • '.WebGUI::International::get(725); +sub _checkForDuplicateUsername { + my $username = $_[0]; + my ($otherUser) = WebGUI::SQL->quickArray("select count(*) from users where username=".quote($username)); + if ($otherUser && $username ne $session{user}{username}) { + return '
  • '.WebGUI::International::get(77).' "'.$username.'too", "'.$username.'2", ' + .'"'.$username.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"'; + } else { + return ""; } - unless ($_[0] =~ /^[A-Za-z0-9\-\_\.\,\@]+$/) { - $error .= '
  • '.WebGUI::International::get(747); - } - ($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'"); - if ($otherUser ne "" && $otherUser ne $session{user}{username}) { - $error .= '
  • '.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", ' - .'"'.$_[0].'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"'; - } - return $error; } #------------------------------------------------------------------- @@ -122,9 +114,6 @@ sub www_createAccount { $f = WebGUI::HTMLForm->new(); $f->hidden("op","createAccountSave"); - unless ($session{setting}{authMethod} ne "WebGUI" && $session{setting}{usernameBinding}) { - $f->text("username",WebGUI::International::get(50),$session{form}{username}); - } $f->raw(WebGUI::Authentication::registrationForm()); $a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId @@ -179,15 +168,10 @@ sub www_createAccount { sub www_createAccountSave { my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search, $cmd, $connectDN, $auth, $output, $error, $uid, $encryptedPassword, $fieldName); - if ($session{setting}{authMethod} ne "WebGUI" && $session{setting}{usernameBinding}) { - $username = $session{form}{loginId}; - } else { - $username = $session{form}{username}; - } - $error = _hasBadUsername($username); - $error .= WebGUI::Authentication::registrationFormValidate(); + ($username, $error) = WebGUI::Authentication::registrationFormValidate(); ($profile, $temp) = _validateProfileData(); $error .= $temp; + $error .= _checkForDuplicateUsername($username); if ($error eq "") { $u = WebGUI::User->new("new"); $u->username($username); @@ -244,20 +228,18 @@ sub www_deactivateAccountConfirm { sub www_displayAccount { my ($output, %hash, @array, $f); if ($session{user}{userId} != 1) { - $output .= '
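Review bot: `_checkForDuplicateUsername` echoes `$username` into the HTML error text four times without escaping, and after this patch that value is whatever the authentication module returned — for LDAP it is the raw `authLDAP.ldapId` form field, which no longer passes the character-class check the removed `_hasBadUsername` applied to every method; escape it for HTML before building the message (the `quote()` on the query line is the right fix on the SQL side). The `$username ne $session{user}{username}` exemption also means a registrant who picks exactly the current session's username — presumably the visitor account's — is not reported as a duplicate; comparing userIds instead of names avoids that. A unique index on `users.username` remains the only check that holds across two concurrent registrations, which is worth a comment here.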
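Review bot: With `_hasBadUsername` gone from `www_createAccountSave`, username format validation now rests entirely on each authentication module: WebGUI.pm gained the checks in this patch, but LDAP.pm's `registrationFormValidate` returns the form value untouched, so an empty or whitespace-padded name can reach `$u->username($username)` if the directory lookup accepts it. Either keep a format check here or add one to the LDAP validator. The declaration `my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, ...)` also still lists `$ldap`, `$port` and `%args`, which nothing in the function uses after this change. The function continues past the end of the hunk.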

    '.WebGUI::International::get(61).'

    '; - $f = WebGUI::HTMLForm->new; - $f->hidden("op","updateAccount"); - $f->readOnly($session{user}{karma},WebGUI::International::get(537)) if ($session{setting}{useKarma}); - - if ($session{user}{authMethod} ne "WebGUI" && $session{setting}{usernameBinding}) { - $f->hidden("username",$session{user}{username}); - $f->readOnly($session{user}{username},WebGUI::International::get(50)); + $output = '

    '.WebGUI::International::get(61).'

    '; + my $form = WebGUI::Authentication::userForm(); + unless (defined $form) { + $output .= WebGUI::International::get(856); } else { - $f->text("username",WebGUI::International::get(50),$session{user}{username}); + $f = WebGUI::HTMLForm->new; + $f->hidden("op","updateAccount"); + $f->readOnly($session{user}{karma},WebGUI::International::get(537)) if ($session{setting}{useKarma}); + $f->raw($form); + $f->submit; + $output .= $f->print; } - $f->raw(WebGUI::Authentication::userForm()); - $f->submit; - $output .= $f->print; $output .= _accountOptions(); } else { $output .= www_displayLogin(); @@ -472,13 +454,13 @@ sub www_recoverPasswordFinish { #------------------------------------------------------------------- sub www_updateAccount { - my ($output, $error, $encryptedPassword, $passwordStatement, $u); + my ($output, $username, $error, $encryptedPassword, $passwordStatement, $u); if ($session{user}{userId} != 1) { - $error = WebGUI::Authentication::userFormValidate(); - $error .= _hasBadUsername($session{form}{username}); + ($username, $error) = WebGUI::Authentication::userFormValidate(); + $error .= _checkForDuplicateUsername($username); if ($error eq "") { $u = WebGUI::User->new($session{user}{userId}); - $u->username($session{form}{username}); + $u->username($username); WebGUI::Authentication::userFormSave(); $output .= '
  • '.WebGUI::International::get(81).'

    '; WebGUI::Session::refreshUserInfo($u->userId); diff --git a/lib/WebGUI/Operation/Settings.pm b/lib/WebGUI/Operation/Settings.pm index 32a58373c..92a0da950 100644 --- a/lib/WebGUI/Operation/Settings.pm +++ b/lib/WebGUI/Operation/Settings.pm @@ -52,7 +52,7 @@ sub www_editUserSettings { $f->integer("karmaPerLogin",WebGUI::International::get(540),$session{setting}{karmaPerLogin}); $f->interval("sessionTimeout",WebGUI::International::get(142),WebGUI::DateTime::secondsToInterval($session{setting}{sessionTimeout})); $f->select("authMethod",$session{authentication},WebGUI::International::get(119),[$session{setting}{authMethod}]); - $f->yesNo("usernameBinding",WebGUI::International::get(306),$session{setting}{usernameBinding}); + #$f->yesNo("usernameBinding",WebGUI::International::get(306),$session{setting}{usernameBinding}); $f->yesNo("selfDeactivation","Allow users to deactivate their account",$session{setting}{selfDeactivation}); foreach (keys %{$session{authentication}}) { $f->raw(WebGUI::Authentication::settingsForm($_)); diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm index bb10edc5b..6c323f3e9 100644 --- a/lib/WebGUI/Operation/User.pm +++ b/lib/WebGUI/Operation/User.pm @@ -224,7 +224,7 @@ sub www_editUser { Selfdestructed =>WebGUI::International::get(819) ); $f->select("status",\%status,WebGUI::International::get(816),[$u->status]); - $f->select("authMethod",$session{authentication},WebGUI::International::get(164),[$session{setting}{authMethod}]); + $f->select("authMethod",$session{authentication},WebGUI::International::get(164),[$u->authMethod]); foreach (keys %{$session{authentication}}) { $f->raw(WebGUI::Authentication::adminForm($u->userId,$_)); }
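Review bot: The `usernameBinding` line in `www_editUserSettings` is commented out rather than removed, leaving dead code with no explanation; Account.pm in this patch drops every check of `$session{setting}{usernameBinding}`, so if no other reader of the setting remains the line should be deleted and the upgrade script could retire the setting, and otherwise a comment should say why it is parked.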